Features of Active Directory and its Logical Structure


Features of Active Directory (AD)

Windows Server 2008 introduced the Read-only Domain Controller (RODC). An RODC supports only inbound replication, not outbound: it accepts the changes made on other (writable) domain controllers, but you cannot add or modify objects on the RODC itself and have those changes flow out to the other domain controllers.


Server Core is also new in 2008: a lightweight installation of Server 2008 that can only be managed and operated through the command prompt. Fine-grained password policies give the administrator the flexibility to implement multiple password and lockout policies.






Auditing of Active Directory modifications and deletions has also been improved, so you can find where a modification or deletion took place. Active Directory can now be started and stopped as a service. Before 2008, a task such as offline maintenance required restarting the AD domain controller; in Server 2008 the directory can be stopped as a service, the task performed, and the service restarted, without taking the domain controller down. Downtime decreases and availability increases, though not for every task: some tasks still require stopping and restarting the domain controller.
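The two capabilities described above, as an added PowerShell example that is not part of the original post: enabling the Directory Service Changes audit subcategory, reading the resulting create/modify/delete events from a domain controller's Security log, and stopping the directory service (NTDS) for offline maintenance without a reboot. It assumes Windows Server 2008 or later with the ActiveDirectory RSAT module; the event IDs (5136 modify, 5137 create, 5141 delete) are the standard Security-log IDs for this subcategory, and the maintenance script block is a placeholder.

```powershell
# Added example, not from the original post. Assumes Server 2008+ and RSAT.

# 1. Turn on auditing of directory object changes (success and failure).
auditpol.exe /set /subcategory:"Directory Service Changes" /success:enable /failure:enable

# 2. Read the change events back from the Security log of a DC.
#    5136 = attribute modified, 5137 = object created, 5141 = object deleted.
function Get-ADChangeEvents {
    param(
        [string]$ComputerName = $env:COMPUTERNAME,
        [datetime]$Since = (Get-Date).AddHours(-24)
    )
    $filter = @{ LogName = 'Security'; Id = 5136, 5137, 5141; StartTime = $Since }
    Get-WinEvent -ComputerName $ComputerName -FilterHashtable $filter -ErrorAction SilentlyContinue |
        ForEach-Object {
            $e = $_
            # Pull the named EventData fields out of the event XML so the
            # field access is explicit (ObjectDN, SubjectUserName, ...).
            $xml  = [xml]$e.ToXml()
            $data = @{}
            foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
            $action = switch ($e.Id) { 5136 { 'Modify' } 5137 { 'Create' } 5141 { 'Delete' } }
            [pscustomobject]@{
                Time      = $e.TimeCreated
                EventId   = $e.Id
                Action    = $action
                Who       = "$($data['SubjectDomainName'])\$($data['SubjectUserName'])"
                Object    = $data['ObjectDN']
                Attribute = $data['AttributeLDAPDisplayName']   # empty for create/delete
            }
        }
}

# Who changed or deleted what on this DC in the last 24 hours
Get-ADChangeEvents | Sort-Object Time | Format-Table -AutoSize

# 3. Restartable AD DS: stop the directory service, do offline work, start it again.
#    -Force is needed because dependent services (such as the KDC) stop with NTDS.
function Invoke-ADOfflineMaintenance {
    param([scriptblock]$Work)
    Stop-Service -Name NTDS -Force
    try {
        & $Work          # placeholder: e.g. an offline defragmentation of ntds.dit
    }
    finally {
        Start-Service -Name NTDS   # always bring the directory back, even if $Work fails
    }
}

Invoke-ADOfflineMaintenance -Work { Write-Host 'offline maintenance placeholder' }
(Get-Service -Name NTDS).Status   # expect Running afterwards
```

The audit query is the defender's view of the feature: the events carry the object DN, the attribute touched and the account that did it, which is what an investigation of an unexpected deletion needs. Other DCs are queried by passing their names to `-ComputerName`, since each DC logs only the changes it processed.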

The Read-only Domain Controller is a domain controller that accepts replication but cannot be modified: you can only read from it. This provides extra security, so it can be deployed in places where security is weaker, such as remote work locations where suitable physical security cannot be provided.
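The RODC behaviour described in the two paragraphs above (inbound-only replication, read access only), as an added PowerShell example that is not part of the original post: it lists the read-only domain controllers in the domain and reviews which accounts an RODC is allowed to cache credentials for and which it has actually cached. It assumes the ActiveDirectory RSAT module and at least one RODC; the name `RODC01` is a placeholder.

```powershell
# Added example, not from the original post. Assumes RSAT and an RODC named RODC01 (placeholder).
Import-Module ActiveDirectory

# Which domain controllers are read-only? These accept replication but refuse writes.
Get-ADDomainController -Filter { IsReadOnly -eq $true } |
    Select-Object Name, Site, IPv4Address, IsReadOnly, IsGlobalCatalog

$rodc = 'RODC01'   # placeholder RODC name

# An RODC holds no account passwords unless its Password Replication Policy allows it.
# Review who is allowed to be cached on this RODC ...
Get-ADDomainControllerPasswordReplicationPolicy -Identity $rodc -Allowed |
    Select-Object Name, ObjectClass

# ... and whose credentials have actually been revealed to (cached on) it.
Get-ADDomainControllerPasswordReplicationPolicyUsage -Identity $rodc -RevealedAccounts |
    Select-Object Name, ObjectClass

# Writes must be directed at a writable DC; reads can go to the RODC.
$writable = Get-ADDomainController -Discover -Writable
"Writable DC for changes: $($writable.HostName)"
```

The revealed-accounts list is the set of credentials at risk if the RODC itself is compromised, which is why the allowed list should be limited to the users who actually work at that location.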

Fine-grained password policies: before Server 2008, a password or lockout policy could be applied only once, at the domain level. If a different password or lockout policy was needed, it could not be done within the same domain; a new domain had to be created and the policy defined there. In 2008, a new domain is no longer needed.
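The fine-grained password policy feature mentioned in the feature list above and explained in this paragraph, as an added PowerShell example that is not part of the original post: it creates two Password Settings Objects (PSOs) with different precedence, applies them to groups, and checks which policy a given user actually gets. It assumes a domain at the 2008 functional level or higher, the ActiveDirectory RSAT module, the built-in `Domain Admins` group, and a constructed group `ServiceAccounts` and user `jdoe` as placeholders.

```powershell
# Added example, not from the original post. Assumes a 2008-level domain and RSAT.
Import-Module ActiveDirectory

# Stricter policy for administrators. When a user matches several PSOs,
# the one with the LOWEST precedence number wins.
New-ADFineGrainedPasswordPolicy -Name 'PSO-Admins' -Precedence 10 `
    -MinPasswordLength 15 -PasswordHistoryCount 24 -ComplexityEnabled $true `
    -MaxPasswordAge (New-TimeSpan -Days 60) -MinPasswordAge (New-TimeSpan -Days 1) `
    -LockoutThreshold 5 -LockoutDuration (New-TimeSpan -Minutes 30) `
    -LockoutObservationWindow (New-TimeSpan -Minutes 30) -ReversibleEncryptionEnabled $false

# Different policy for service accounts: longer secrets, rotated less often.
New-ADFineGrainedPasswordPolicy -Name 'PSO-ServiceAccounts' -Precedence 20 `
    -MinPasswordLength 25 -PasswordHistoryCount 5 -ComplexityEnabled $true `
    -MaxPasswordAge (New-TimeSpan -Days 365) -MinPasswordAge (New-TimeSpan -Days 1) `
    -LockoutThreshold 10 -LockoutDuration (New-TimeSpan -Minutes 15) `
    -LockoutObservationWindow (New-TimeSpan -Minutes 15) -ReversibleEncryptionEnabled $false

# PSOs are applied to users or global security groups, not to OUs.
Add-ADFineGrainedPasswordPolicySubject -Identity 'PSO-Admins'          -Subjects 'Domain Admins'
Add-ADFineGrainedPasswordPolicySubject -Identity 'PSO-ServiceAccounts' -Subjects 'ServiceAccounts'  # constructed group

# Which policy does a user really get? The resultant PSO, or the domain default if none applies.
function Get-EffectivePasswordPolicy {
    param([Parameter(Mandatory)][string]$User)
    $pso = Get-ADUserResultantPasswordPolicy -Identity $User
    if ($pso) {
        $pso | Select-Object Name, Precedence, MinPasswordLength, LockoutThreshold, MaxPasswordAge
    } else {
        Get-ADDefaultDomainPasswordPolicy |
            Select-Object @{n='Name';e={'Default Domain Policy'}}, MinPasswordLength, LockoutThreshold, MaxPasswordAge
    }
}

Get-EffectivePasswordPolicy -User 'jdoe'   # placeholder account
```

Checking the resultant policy is the step administrators most often skip: a user who is in both groups gets `PSO-Admins` because of its lower precedence number, regardless of the order the PSOs were created in.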

Active Directory Logical Structure

As we already know, Active Directory is a collection of users, groups, services, and resources, and all of these are known in AD as objects. In other words, AD is a centralized database or repository of AD objects. AD is stored on a server in the network, and that server is known as an Active Directory domain controller.



For fault tolerance and redundancy, a network may have more than one domain controller. For better organization, AD objects are divided into two kinds: container objects and leaf objects. Container objects are objects that can contain other objects; forest, tree, domain, and organizational unit are containers. Leaf objects cannot contain other objects; users, computers, printers, and so on are leaf objects.

Active Directory Domain

A domain is an area or region within which command and authority are exercised. Similarly, a Windows Server domain is a logical group of computers that use and share a central directory database; the computers may run the same or different versions of the Microsoft Windows operating system, and policies and restrictions can be applied to them. A domain is represented as a triangle.

Active Directory Tree

An Active Directory domain tree is a logical grouping of network resources and devices: a collection of one or more domains with a relationship among them, namely a parent-child relationship (the first domain created is the parent, also known as the forest root, and all domains created under it are children), and all of them share the same namespace. For example, if the parent domain is named "Engineer.com", every child domain must carry engineer.com, such as sales.engineer.com or accounts.engineer.com, and if a child has further domains their names will be north.sales.engineer.com, south.sales.engineer.com, and so on.


Active Directory Forest


The forest is the largest container object in Active Directory and its fundamental security boundary: a user may belong to any container object and can access resources across the entire Active Directory forest using a single logon/password combination, but accessing resources across more than one forest requires a trust relationship, and an additional logon would be required.



A forest is a collection of trees, and trees are collections of domains. Suppose a forest contains a tree (engineer.com) and the network has another tree (abc.com); if the two are combined because they belong to the same organization, meaning they are installed in the same forest, then the users of both trees can use each other's resources.

Active Directory Organization Unit (OU)

The OU is the smallest container object in Active Directory. An OU is a container that represents a logical grouping of resources with similar security or administrative requirements. OUs serve two important purposes: delegation of control and application of security policies. An OU is the container to which Group Policy Objects (GPOs) can be linked directly.

OUs --> Domains --> Trees --> Forest
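The hierarchy summarized above (forest, trees of domains, OUs with GPOs linked to them, and the forest as the trust boundary), as an added PowerShell example that is not part of the original post: it walks an existing forest and prints each level, links a GPO to a single OU, and lists the trusts that would allow access across forests. It assumes the ActiveDirectory and GroupPolicy RSAT modules and a reader with read access to the forest; the GPO name and the OU distinguished name are placeholders.

```powershell
# Added example, not from the original post. Assumes RSAT (ActiveDirectory + GroupPolicy).
Import-Module ActiveDirectory, GroupPolicy

function Get-ADLogicalStructure {
    # Forest -> domains (tree roots vs. child domains) -> OUs with their linked GPOs.
    $forest = Get-ADForest
    [pscustomobject]@{ Level = 'Forest'; Name = $forest.Name; Parent = $null
                       Note = "Forest root domain: $($forest.RootDomain)" }

    foreach ($domainName in $forest.Domains) {
        $domain = Get-ADDomain -Identity $domainName
        # A domain with no parent starts its own tree (own namespace); the rest are children
        # that share their parent's namespace, e.g. sales.engineer.com under engineer.com.
        $level = if ($domain.ParentDomain) { 'ChildDomain' } else { 'TreeRoot' }
        [pscustomobject]@{ Level = $level; Name = $domain.DNSRoot; Parent = $domain.ParentDomain
                           Note = "NetBIOS name: $($domain.NetBIOSName)" }

        # OUs are the smallest containers and the place where GPOs are linked directly.
        Get-ADOrganizationalUnit -Filter * -Server $domain.DNSRoot -Properties LinkedGroupPolicyObjects |
            ForEach-Object {
                [pscustomobject]@{ Level = 'OU'; Name = $_.DistinguishedName; Parent = $domain.DNSRoot
                                   Note = "Linked GPOs: $($_.LinkedGroupPolicyObjects.Count)" }
            }
    }
}

Get-ADLogicalStructure | Format-Table Level, Name, Parent, Note -AutoSize

# Apply policy at the OU level only, leaving the domain-wide defaults untouched.
# Both names are placeholders for this example.
New-GPLink -Name 'Baseline-Workstation-Hardening' -Target 'OU=Workstations,DC=engineer,DC=com' -LinkEnabled Yes

# The forest is the security boundary: resources in another forest are reachable only through a trust.
Get-ADTrust -Filter * | Select-Object Name, Direction, TrustType, ForestTransitive, SelectiveAuthentication
```

Listing the trusts alongside the structure is worthwhile because every inbound forest trust extends who can authenticate into the forest; `SelectiveAuthentication` shows whether that access is limited to explicitly permitted resources or granted forest-wide.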
